Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

tracemem/approvals

Name: approvals
Author: tracemem

skills/approvals/SKILL.md

npx skillsauth add tracemem/tracemem-skills approvals

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Skill: TraceMem Approvals and Human-in-the-Loop

Purpose

This skill teaches how to handle scenarios where an action requires human approval. This is a core feature of TraceMem's governance model.

When to Use

When decision_evaluate returns outcome: "requires_exception".
When your automation mode is approve (meaning you expect to wait for approval).
When you detect a high-risk situation and voluntarily want to ask for confirmation.

When NOT to Use

Do not ask for approval if the policy denys the action outright (you cannot bypass a deny).
Do not ask for approval for trivial read-only tasks that don't need it.

Core Rules

Request and Wait: Approval is an asynchronous process. You request it, then you poll (wait) for the result.
Do Not Proceed Unapproved: If you receive a rejected status, you must abort the operation. Proceeding is a violation.
Provide Rationale: When requesting approval, explain why the exception is needed. This helps the human decider.

Correct Usage Pattern

Request Approval: Call decision_request_approval with:
- decision_id: Current decision.
- title: Short summary (e.g., "High Value Refund").
- message: Detailed explanation ("Refund of $500 exceeds $100 auto-limit").
- require_rationale: true (usually good practice).
- expires_in_seconds: e.g., 3600 (1 hour).
Result: You get an approval_id and status requested.
Poll for Concluson: Loop and call decision_get periodically (e.g., every 5-10 seconds). Check status field.
- If open or needs_approval: Continue waiting.
- If approved: Break loop and proceed.
- If rejected: Break loop and handle rejection (abort/rollback).
Proceed: Once approved, you can retry the operation (e.g., the write) that was previously blocked or required the exception. The policy check should now pass (or you can proceed if the approval was the gate).

Common Mistakes

Busy Waiting: Polling too fast (e.g., every 10ms) will hit rate limits. Use reasonable sleep (5-10s).
Ignoring Rejection: Treating rejected as a "soft" error and trying again immediately.
Timeout Handling: Waiting forever. Set a max wait time (e.g., 5 minutes) and abort if no human responds.

Safety Notes

Notification Channels: The human is notified via configured channels (Slack, Email). You don't need to send the email yourself; TraceMem handles the routing.
Context: The approver sees the Context and Reads you performed. Ensure you added enough context before requesting approval so they have the full picture.

tracemem/approvals

skills/approvals/SKILL.md

Guidelines for seeking user approval for sensitive actions.

1 stars

documentation

Updated Apr 21, 2026

$ install --global

skillsauth

npx skillsauth add tracemem/tracemem-skills approvals

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 22, 2026, 3:34 AM51.9s1 file scanned

SKILL.md

name:: approvals
description:: Guidelines for seeking user approval for sensitive actions.

Skill: TraceMem Approvals and Human-in-the-Loop

Purpose

This skill teaches how to handle scenarios where an action requires human approval. This is a core feature of TraceMem's governance model.

When to Use

When decision_evaluate returns outcome: "requires_exception".
When your automation mode is approve (meaning you expect to wait for approval).
When you detect a high-risk situation and voluntarily want to ask for confirmation.

When NOT to Use

Do not ask for approval if the policy denys the action outright (you cannot bypass a deny).
Do not ask for approval for trivial read-only tasks that don't need it.

Core Rules

Request and Wait: Approval is an asynchronous process. You request it, then you poll (wait) for the result.
Do Not Proceed Unapproved: If you receive a rejected status, you must abort the operation. Proceeding is a violation.
Provide Rationale: When requesting approval, explain why the exception is needed. This helps the human decider.

Correct Usage Pattern

Request Approval: Call decision_request_approval with:
- decision_id: Current decision.
- title: Short summary (e.g., "High Value Refund").
- message: Detailed explanation ("Refund of $500 exceeds $100 auto-limit").
- require_rationale: true (usually good practice).
- expires_in_seconds: e.g., 3600 (1 hour).
Result: You get an approval_id and status requested.
Poll for Concluson: Loop and call decision_get periodically (e.g., every 5-10 seconds). Check status field.
- If open or needs_approval: Continue waiting.
- If approved: Break loop and proceed.
- If rejected: Break loop and handle rejection (abort/rollback).
Proceed: Once approved, you can retry the operation (e.g., the write) that was previously blocked or required the exception. The policy check should now pass (or you can proceed if the approval was the gate).

Common Mistakes

Busy Waiting: Polling too fast (e.g., every 10ms) will hit rate limits. Use reasonable sleep (5-10s).
Ignoring Rejection: Treating rejected as a "soft" error and trying again immediately.
Timeout Handling: Waiting forever. Set a max wait time (e.g., 5 minutes) and abort if no human responds.

Safety Notes

Notification Channels: The human is notified via configured channels (Slack, Email). You don't need to send the email yourself; TraceMem handles the routing.
Context: The approver sees the Context and Reads you performed. Ensure you added enough context before requesting approval so they have the full picture.

Related Skills

tracemem/writing-data

testing

VerifiedTrustedCommunity

Instructions for writing and efficiently storing data in TraceMem.

1SKILL.mdUpdated Apr 21, 2026

tracemem/writing-data

tracemem/workflows

tools

VerifiedTrustedCommunity

Complete workflow patterns for common TraceMem operations.

1SKILL.mdUpdated Apr 21, 2026

tracemem/when-not-to-use

tools

VerifiedTrustedCommunity

Scenarios where TraceMem should not be used.

1SKILL.mdUpdated Apr 21, 2026

tracemem/when-not-to-use

tracemem/traces-and-audit

development

VerifiedTrustedCommunity

Auditing memory traces and debugging.

1SKILL.mdUpdated Apr 21, 2026

tracemem/traces-and-audit

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/tracemem/tracemem-skills.git

# Copy into Claude Code skills folder (global)
cp -r tracemem-skills/skills/approvals ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

tracemem/tracemem-skills

1 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT